Articles about Security

NirSoft has announced the public availability of DNSQuerySniffer, a tiny (130KB, including a Help file) network sniffer which detects and displays your DNS traffic.

If you think this sounds just a little technical, then you’re right, but the program does have some interesting applications. Malware will often use DNS traffic to communicate with its operators, for instance, and so taking a closer look at your own system may reveal the signs of an infection (a large number of failed lookups to domains you don’t recognize, say).

Continue reading →

Fans of social media were reassured this week as Twitter finally rolled out two-step verification, ostensibly making the service more secure for its millions of customers. This is a feature that other major companies like Microsoft, Google, and Facebook have already implemented and, on the surface, seemed a victory.

Not so fast. Security researchers at F-Secure are taking a closer look and deem the implementation "not great". The problem, according to Sean Sullivan, is that "an attacker could use SMS spoofing to disable 2FA if he knows the target's phone number".

Continue reading →

Removing malware used to be fairly easy, at least in principle. Detect the infection, kill any running processes and files, and that’s it -- finished.

These days, unfortunately, life can be more difficult. Some malware will actively try to block any attempts to remove it, perhaps preventing you from running antivirus tools, locking its files, maybe restarting itself if necessary. This can be frustratingly effective, too, but there are ways to fight back. And KillEmAll is a great place to start.

Continue reading →

Kim Dotcom enters the spotlight once again after claiming that Google, Facebook, Citibank and Twitter, among others, infringe upon his patent for two-factor authentication. The man is one of the founders of controversial Megaupload and Mega cloud storage lockers and is currently under indictment in the US for copyright infringement.

Dotcom decided to reveal the alleged wrongdoing and mention the patent yesterday, after Twitter enabled the security feature: "Twitter introduces Two-Step-Authentication. Using my invention. But they won't even verify my Twitter account?!". The patent in question was filed in 1998 by Kim Schmitz (Dotcom's birth name) and is named "Method for authorizing in data transmission systems".

Continue reading →

After a number of high-profile account hijacks and criticism from both its users and the tech media, Twitter finally decides to take security seriously. Today, the popular social network introduces two-factor authentication which, when enabled, requires users to type in an additional six-digit passcode received via SMS in order to log in.

Sadly, as I learned, not every user can actually enable the new security feature. Twitter says that folks must have a "verified phone number and confirmed email address", the former of which is still incompatible with my mobile operator: "Sorry, we don't have a connection to your carrier yet!". Other local mobile operators are supported, but not mine.

Continue reading →

Any old security suite can protect your PC with a firewall and an antivirus product so the big players are increasingly looking for new angles to try to get us to buy their products. BullGuard’s flagship offering already has parental controls, spam filtering and PC tuning tools, so the latest release -- out today -- goes for the personal protection approach.

No, it doesn’t come with a goon in a dark suit and sunglasses to follow you around. It offers safeguards against identity theft and data leaks, plus it has social media protection. As an added bonus the amount of online backup space included with the package is increased to 25GB.

Continue reading →

Irish security firm Safer-Networking Ltd has announced the release of Spybot +AV 2.1, a major reinvention of the package which sees the addition of virus protection for the Home ($13.99) and Professional ($25.99) versions (the free build removes malware and rootkits only).

A great deal of this new release is about delivering the framework necessary to support the antivirus engine. An update mechanism delivers antivirus signature files multiple times a day, for instance. The system offers real time protection, too, although this can optionally be turned off if there’s a chance of it conflicting with something else.

Continue reading →

As cloud-based storage gains traction vs. physical storage, there have been many big-name providers popping up, such as Google Drive and Amazon Cloud. However, Dropbox continues to be an extremely popular option for both personal and business users alike.

While already popular for business use, the company announced on April 10, 2013, that it was working on single sign-on for business users.  This would enable Dropbox to better integrate with the corporate world -- a huge step towards broader corporate adoption and acceptance.

Continue reading →

For even the most security minded individuals and organizations, malware continues to be a serious problem. It is all well and good knowing that your system has become infected and ensuring that you have the tools to perform a clean-up operation, but the key to avoiding future problems is determining the source of infections.

This is what Sourcefire aims to achieve with its new Network File Trajectory and Device Trajectory techniques. The company points out that in modern work environments the BYOD (Bring Your Own Device) model is becoming increasingly common. It is one thing to protect your own machines, but quite another to secure any device that may connect to a network.

Continue reading →

IObit has announced the public availability of IObit Malware Fighter 2.0, the next generation of its popular anti-malware tool.

The most obvious change this time is the move to a Windows 8-style interface: large tiles, stark black background, and everything happening in a single window, rather than separate dialogs. It looks good, and is easy to use.

Continue reading →

Today security firm F-Secure announces the discovery of a new Mac-based spyware program, the latest in what has become a small, but growing trend. Attacks have previously affected Apple itself, as well as users in the wild. The latest problem was discovered at a recent conference in Oslo, Norway.

The Oslo Freedom Forum, an event that is designed around the world's most influential dissidents, innovators, journalists, philanthropists, and policymakers, just wrapped up on May 15. During a workshop on freedom of speech, Jacob Applebaum, an independent computer security researcher, discovered a new and previously unknown backdoor on an African activist's Mac.

Continue reading →

Along with a number of major employers, e-skills UK  -- an organization dedicated to inspiring future talent in IT -- is developing a new apprenticeship scheme to build cyber security skills.

The scheme highlights the need to attract a new generation of talent into an industry where at the moment only 7 percent of security professionals are aged under 29. It will give youngsters an opportunity to start a career and earn a wage whilst working towards an internationally recognized qualification.

Continue reading →

F-Secure has released its latest mobile threat report for January to March 2013. Highlights include an increase in threat families and variants of almost 50 percent over the previous quarter, and that Android is still the most targeted mobile OS.

Android threats accounted for 136 of the 149 detected during the period, the other 13 being aimed at Symbian. No threats were reported for iOS, Blackberry or Windows Mobile. The report notes a particularly worrying trend towards the commoditization of malware, either by making premium rate calls or stealing bank details. 114 out of 149 threats found were profit motivated. The authors state:

Continue reading →

Web browsers are one of the main ways that malware finds its way onto your machine. Tests carried out by NSS Labs looked at the five major players, Chrome, Firefox, Safari, Opera and Internet Explorer to see which offers the best protection against more than 700 examples of real-world malware.

And the safest is... (Drum roll and a long, reality TV-style pause...) Internet Explorer 10, blocking 99.96 percent of known malicious downloads. Chrome comes second on 83.16 percent with the other three trailing a long way behind at around 10 percent each. This might come as a surprise to all those people who have long shunned Microsoft’s browser in favor of third-party alternatives on the grounds that they were safer.

Continue reading →

Security products that work across all of your digital devices from PCs to smartphones are nothing new -- Norton One has been around for over a year -- but now McAfee has joined the fray. LiveSafe includes virus protection, a password manager and encrypted cloud storage in a single package.

The most interesting feature is the secure online Personal Locker that gives users 1GB of storage to hold their sensitive documents, financial records, IDs and so on. This is secured using biometric authentication with voice, face and device recognition. It works using Intel Identity Protection Technology. This is a hardware authentication mechanism that’s built into the latest Intel processors. To access a file you need to enter a PIN, take a photo for facial recognition and read two messages to confirm your voice.

Continue reading →